Cequence Named a Strong Performer in The Forrester Wave™: Bot Management

April 12, 2022

As a Co-founder and Chief Product Officer, I am happy to read the latest Forrester WaveTM Bot Management, Q2 2022, where Cequence is named as a strong performer. Highlights from the report write up include “strong go-to-market and execution roadmap” and an “API-first strategy.” Reading positive words from a respected analyst is great, but there are several other reasons for me to be happy about this report.

This is our first participation in the Forrester WaveTM Bot Management report.

First off, I want to acknowledge that participating in the Forrester WaveTM process takes a lot of doing. It evaluates vendors using a 25 point selection criteria with a detailed questionnaire and demo. This is followed by customer references to validate vendors’ claims. Our tremendous growth in terms of customers, revenue and employees has enabled us to participate this time and we are delighted to do well in our first attempt. Having been through the process once, we have better appreciation and understanding of the process, and we are confident that we will do even better the next time.

Cequence is the only API Security vendor to be mentioned in this report.

The API Security market is a crowded space with many vendors offering a variety of capabilities on the spectrum. Almost all of them claim detection of bot attacks, like ATOs and resource exhaustion, since these are included in the OWAS API Top 10 list. Many of these vendors can only detect attacks and do not have native mitigation capabilities, instead relying solely on sending signals to a WAF or another tool. This is a very limiting approach in the Bot Management space. None of the API security vendors made it in this year’s the Forrester WaveTM Bot Management report. This report validates Cequence Security’s leadership position in the API Security space by stating – “Customers aligned with Cequence’s API-first vision should consider the vendor as a viable bot management option”.

Recognition of our advanced ML/AI that can handle bots’ evolution and evasion.

Our customers appreciated the product’s “ability to adapt to changes in bot behavior”. This is a huge accolade for us. All Cequence Security customers that Forrester referenced for this report, are Fortune 50 names and are a huge target for bots. In just these few reference customers, we are protecting roughly 1 billion API transactions per day. Some of these customers have been using our product for 6 years and together we have seen bots evolve from simple tools to Bot-as-a-Service with the level of sophistication outsmarting most other Bot Management vendors in the report. Our close partnership with our customers is a key reason for why Cequence Security has a never lost a customer and we have displaced the leaders in this report in many large enterprise accounts. Our investments in ML/AI, our product innovation and our key customers (who are prime targets for bots) has kept us ahead in the game of sustained efficacy.

Endorsement of our strategy.

The Forrester WaveTM Bot Management report scored highlighted our strategy and vision. Our vision since the beginning of the company is that web applications will become just presentation of business logic driven by APIs. Therefore, protecting web applications from attacks is all about protecting APIs. Protecting web applications with integration into their presentation layer with JavaScript and mobile applications with SDKs that also interfere with the presentation layer, is a losing strategy. Very often we are brought in by large enterprises to protect their APIs from bot attacks, while they have deployed other vendors in this report for web application protection. The sustained efficacy, visibility and ease of deployment we provide is so compelling that we eventually displace these vendors to protect all their public facing assets. The report underscores this strategy in a big way by saying this about API Security and Bot Management – “the two are inextricably tied together”.

Product dashboard and integrations.

Our product’s dashboard and its ability analyze and visualize each application/API traffic individually is unique in this space. So is our ability to import data feeds and export findings to enhance the overall efficacy of the solution and its value to customers. Security personnel love the detailed analysis from the ML/AI engine on each and every API call presented in the dashboard. The class of customers we serve cares deeply about false positives, as they negatively impact the end-user and ultimately the business. Having a detailed explanation of every detection helps them vet these results and adjust thresholds to provide optimum security with minimal false positives. Integrations into several security and fraud systems on suspicious but “not bad enough” API calls leads to overall higher efficacy of the security eco-system.

We also one fundamental disagreement with the report. It penalizes us for not having out-of-the-box list of good bots. It ignores the fundamental difference in our ML/AI and approach to this problem. Most other vendors have such lists, and they are based on certain HTTP headers, geo-IP information of good bots like search engines, marketing analytics, application performance monitors, etc. We don’t need such a list. Our ML/AI automatically learns good bot behavior from bad bots and automatically classifies them in out-of-the-box policies which govern how the good bots are managed. These behavior patterns are shared among industry peers when applicable. This approach reduces the burden on security operations people by not having to manually configure hundreds of good bots. Our customers love it because they don’t have to worry about changes to good bots and introduction of new good bots. With other vendors, customers are stuck with their vendors updating their static good bot list while Cequence customers automatically get the update based on the bot’s behavior, no configuration change needed.

Finally, no report of such kind is perfect and fair to all vendors. While we are pleased with our results, we do believe there is a bias towards vendors with higher number of customers, without any consideration to average customer value (ACV), average length of customer relationship. Not surprising that 2/3 leaders are CDN vendors, and the other 3rd focuses on mid-market customers. Why does this matter? It ignores the sophistication of bot attacks and sustained efficacy solutions must provide to continuously protect them from this ever-evolving threat. We will provide this feedback to Forrester and look forward to participating in the next cycle. Thank you, Forrester.

Read the latest Forrester WaveTM Bot Management Today!

analystForester WaveForresterindustry trends

About the Author

Ameya Talwalkar

President, Chief Executive Officer & Founder

unified api protection vs api security
5 July 2022

Unified API Protection vs. API Security: What’s the Difference?

Read More
10 June 2022

RSAC 2022 Highlights

Read More
IOCs in your APIs
8 June 2022

IOCs in your APIs

Read More
API Spyder
7 June 2022

Discover Public API Attack Surface with new API Spyder

Read More
7 June 2022

Unified API Protection – A Solution Whose Time Has Come

Read More

Subscribe to our blog

Cequence Security Introduces World’s First Unified API Protection Solution. Read the blog